Researchers hack RFID credit cards. Big surprise.
By Cyrus Farivar 
posted October 23rd 2006 7:06PM
posted October 23rd 2006 7:06PM
RFID has been riddled with so many problems, it's amazing that anyone even has a shred of confidence in this technology at all. Our latest security problem du jour is that credit card companies are apparently issuing plastic that relays your digits wirelessly; as you might have guessed, security researchers are checking into this, and in a demonstration for The New York Times, easily hacked a University of Massachusetts computer science professor's newfangled RFID credit card. In short order (and with his permission), a researcher working with RSA Labs was able to steal the professor's name and credit card number that was being transmitted in cleartext -- thereby poking massive holes in Visa, MasterCard and American Express' claims that these card include "the highest level of encryption allowed by the U.S. government." Predictably, the credit card companies have already dismissed claims that the populus will be greatly affected by this hack. Brian Triplett, senior vice president for emerging-product development for Visa, told the Gray Lady: "This is an interesting technical exercise, but as a real threat to a consumer - that threat really doesn't exist." Well, Brian, care to put your plastic where your mouth is?[Via TechDirt]
To Cami, not that is another problem about this RFid thing, how would the reader know which card you want swiped if you have 2 or more cards in your billfold?
Well apparently i have always love the idea of RFID on your card. I'm from a country where (world wide accepted) Credit Card has just been introduced to the public, Nigeria, with quite a few bank providing it. So when i saw a post like this, i was so interested in it.
To me, i think the idea of rfid sucks since any memeber of the general public could get him/herself a rfid reader thru which one can get someone elses' info. Whether theres less or nothing you could do with the info, the fact that i could have my info being transmitted to a total stranger is something worth tripping about. Boh! Then why do i have my moneys on card? Why not go about with cash and let thief rob me?
Between there was someone here who said most of online shops needs 3 digits identification code to approve your order, yea that's true but there are at the same so many online store who doesn't ask for that... So you think all those criminal minded wont find a couple of stores like that? You think they have anything to loose searching for that? It's just a matter of typing a search string into google, powh! they have it and you money is gone.
I don't think i like the idea of rfid on credit card, it's makes no sense to me.
Hey why can this thing happen for a CC? as am a IT Guy we have come across the RAS Login for VPN. We would be Provided a Small equipement which has the password changed every minute or so..less than a mint is also posible. So when we login in the present password displayed in the Secure Login Device will accept the request to go forward. SO if there are things like this it would be of still better security naa...i hope you got me what i explained...?
I'd say yeah, it probably doesn't matter if it can be hacked since credit card companies cover fraud. Also yes, swiping is a big deal... that's why express lines in grocery stores are the longest. If you can streamline payment, you can speed up everything. (In Hong Kong, the Octopus card they use for transportation also works for places like McDonald's and Convenience stores.)
I think it's a great idea, definitely for convenience... They should also start making it easy to slip something in next to your cell phone's battery, under the cover or something, so you don't need to have a separate card. (They had a special cell phone cover for octopus in HK).
Plus, it wouldn't be hard to make a wallet that blocks the RFID signal if you're so paranoid of someone stealing your number.
ok
i can not use my credit card online with windows vista it says its blocking the software and somethang about activex control how do i fix it? can some 1 help me thank you very much.
Don't use Winod$ Vista
I do not understand why the card company's are placing persons card info on rfid chip. all it needs is a standard chip with a 10+ digit random number which is associated with the account number at card company computer, checking it in real time & asking for pin if required. no use to fraudster but a little more expensive to card company.1000 times more secure.
on the subject of rfid I am sure this will be of interest to European and usa readers of how money is being tracked...
http://www.ssrichardmontgomery.com/rfidmoney.htm
(copy and paste link into your browser)